Published May 20, 2025
The Finnish Innovation Fund, Sitra (business ID 0202132-3).
Address: Itämerenkatu –11-13, PO Box 160, 00181 Helsinki Phone: +358 294 618 991Email: kirjaamo@sitra.fi
Data Protection Officer:
Janika Skaffari Administrative Specialist
We process personal data in order to handle funding applications, process funding inquiries, carry out procurement procedures, administer contracts, maintain contractual relations, and pay remuneration or compensation.
Personal data is not processed by means of automated decision-making.
Personal data is processed primarily on the basis of legitimate interest.
In the case of a contract between Sitra and a private individual, the personal data of the private individual is processed for the performance of the contract.
The controller’s legitimate interest is based on the meaningful relationship between the controller and the data subject. The processing ensures the management of financing, procurements, and other agreements, as well as the realisation of the rights of both parties.
Personal data is mainly collected from the data subject or the organisation they represent.
Data collected in the register is retained only for as long as necessary and to the extent required in relation to the original or compatible purposes for which the personal data was collected.
The personal data collected in connection with funding applications and funding inquiries is retained for two (2) years.
Personal data processed for the purpose of contract management is processed for as long as necessary for the performance of the contract.
An extract from the criminal record processed in connection with the procurement procedure is destroyed or returned once the statutory inspection has been carried out.
The personal identity code collected in connection with strong authentication is retained for thirty (30) days.
The personal data contained in the register is not regularly disclosed to external parties or organisations. Personal data may be disclosed as part of a request for information based on the Act on the Openness of Government Activities (621/1999).
The personal data contained in the register may be transferred outside the EU or EEA. Any such transfer shall comply with the European Commission’s standard clauses or otherwise ensure that the transfer is carried out in accordance with the General Data Protection Regulation.
The databases containing personal data are located on servers that are kept in locked, secure facilities and can only be accessed by authorised individuals whose duties require such access. The servers are protected by a firewall and other appropriate technical safeguards.
Any physical data material containing personal data is kept in locked, secure facilities and can only be accessed by authorised individuals whose duties require such access, and who process this personal data as part of the performance of their duties.
The databases and systems can only be accessed with separately issued personal usernames and passwords. Sitra has restricted the access rights and authorisations to data systems and other storage media so that the data can only be accessed and processed by individuals whose duties require it for lawful processing purposes. In addition, the database and system transactions are registered in the logs of Sitra’s IT systems.
Sitra’s employees and other personnel are bound by a confidentiality obligation and are required to keep confidential any information received in connection with the processing of personal data.
The data subject has the following rights under the EU General Data Protection Regulation:
In addition, if personal data is processed for the performance of a contract i.e. a contract between a private individual and Sitra, the data subject also has the right to request the transfer of their data from one system to another.
Requests concerning the implementation of the data subject’s rights should be directed to Sitra’s registry by email at kirjaamo@sitra.fi
The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that the processing of their personal data infringes the EU General Data Protection Regulation.
We reserve the right to update this privacy policy by notifying any changes on our website. The updates may, for example, be based on changes in legislation.